[Andreas Schockenhoff]
> I run into this problem.
>
> ldapvi --host ldap -ZZ --bind simple --tls allow -D
> 'cn=super-admin,ou=People,dc=skole,dc=skolelinux,dc=no'
> ldap_start_tls_s: Connect error (-11)
> additional info: TLS: hostname does not match CN in peer certificate

You need to use the FQDN, i.e. ldap.intern, as the --host parameter to avoid this.

> The netgroup is a solution that is based on IPs so it is not really
> secure. Now we have Kerberos running is there another solution? So
> maybe we do not need the netgroups.

Netgroups are used for NFS exports, network filtering and shutdown-at-night features. Not all of these can be replaced by Kerberos.

Happy hacking,
-- 
Petter Reinholdtsen

